METHOD FOR AUTOMATICALLY PROVIDING A TEMPORARY USER ACCOUNT 

FOR SERVICING SYSTEM RESOURCES 

FIELD OF THE INVENTION 

The present invention relates to the field of servicing system resources such as data processing 
and communication equipment, and more specifically to a method for automatically providing 
temporary access to system resources for purposes such as satisfying service requests from a 
trouble ticket system. ^ 

BACKGROUND 

As the business world has become relentlessly more competitive and as system resources such as 
data processing and communication equipment have become increasingly complex, it has 
become advantageous for a business enterprise to engage a specialized service provider to 
maintain, repair, and manage system resources. Engaging a specialized service provider frees a 
business to focus on its core activities rather than on its system resources. Moreover, a 
specialized service provider may achieve expertise and economies of scale in its niche that are 
unavailable to its customers, whose business interests lie elsewhere. 

In some situations, a service provider may have a central facility that remotely services a number 
of customers. In other situations, the service provider may share facilities with the customer. In 
either case, the service provider must have a user account that enables the service provider to 
gain access to the customer's system resources in order to diagnose and repair problems. 

Today, such accounts are maintained in two ways: either the service provider has a user account 
that stands open full time, or the customer manually opens and closes an account whenever the 
service provider needs access to system resources. 
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Unfortunately, both of these ways of maintaining accounts have significant disadvantages. In the 
first situation, having an open standing account exposes the customer to breaches of security by 
vandals who enter through the open account. In the second situation, waiting for the ad hoc 
opening of an account when service is needed delays the resolution of the customer's problems, 
and may lead to unwanted loss of business or degradation of operational efficiency. 

Thus there is a need for an improved way of providing an account that enables a service provider 
to access a customer's system resources in a timely and responsive way so that problems may be 
resolved as quickly as possible, and yet does not subject the customer to the security risks 
associated with having a standing open account. 

SUMMARY 

The present invention offers an improved way of providing an account that enables a service 
provider to access a customer's system resources. In an embodiment of the invention, temporary 
access for servicing a system resource such as data processing or communication equipment is 
provided by activating a prearranged but otherwise dormant user account in automatic response 
to the occurrence of a trigger event associated with the system resource. A trigger event may be, 
for example, the opening of a trouble ticket by a trouble ticket system. In another embodiment 
of the invention, the prearranged user account is deactivated (returned to dormancy) 
automatically upon occurrence of a closure event associated with the trigger event. A closure 
event may be, for example, the closing of a trouble ticket or downgrading the severity 
classification of a problem tracked by a trouble ticket, the expiration of a predetermined time 
interval following detection of the trigger event, the occurrence of a predetermined time of day 
such as every midnight, and so forth. 

Thus the invention provides a timely yet secure way for a customer to allow a service provider 
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temporary access to system resources that requires neither a standing open account nor manual 
ad hoc opening and closing of a user account for the service provider. These and other aspects of 
the invention will be more fully appreciated when considered in the light of the following 
detailed description and drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram that shows an exemplary structure suitable for application of the 
present invention. 

FIG. 2 is a flowchart that shows aspects of a method for providing temporary access for servicing 
a system resource according to a first embodiment of the invention. 

FIG 3. is a flowchart that shows other aspects of the inventive method in a second embodiment. 

FIG 4. is a flowchart that shows yet other aspects of the inventive method in a third embodiment. 

DETAILED DESCRIPTION 

The invention provides a timely yet secure way for allowing a service provider to have the 
temporary access needed for servicing a customer's system resources, but does not require that a 
user account be left standing open or that a user account be manually opened and closed by the 
customer on behalf of the service provider. 

FIG. 1 is a block diagram that shows an exemplary structure suitable for application of the 
present invention. A service provider 100 provides services to a customer's monitored system 
1 10. For example, the services provided by the service provider 100 may include one or more of 
the following: repair of the monitored system 1 10, maintenance, performance tracking, security 
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management, change management, and so forth. In order to provide these services, the service 
provider 100 needs a user account with the monitored system 1 10 that enables the service 
provider 100 to access elements of the monitored system 110. 

The monitored system 1 10 includes access control logic 120, which the service provider 
communicates with through a communication port 130. A purpose of the access control logic 
120 is to authenticate users, including the service provider 100, who attempt to log-in to or 
otherwise engage system resources 140 of the monitored system 1 10. 

The control logic may accomplish authentication by reference to user account records maintained 
on an associated database 150. These records may concern privileges of the service provider 100 
as well as privileges of other users 160 of the monitored system 110. User accounts are set up 
according to criteria established by the customer, and the access control logic 120 allows or 
denies access to the system resources 140 based on satisfaction of these criteria. 

Within the scope of the invention, the system resources 140 may include data processing 
equipment such as large, mid-range, and personal computers; Internet web servers; 
communication equipment such as private branch exchanges, telephone switches, multiplexers, 
and so forth; as well as other devices such as computer-controlled industrial machinery or other 
equipment that can be serviced remotely by a service provider such as the service provider 100 of 
FIG. 1. However, for the purpose of clarity but not limitation, the invention is described here 
generally using terms suitable for embodiments wherein the system resources 140 include an 
Internet web server. 

As shown in FIG. 1, a monitoring tool 170 monitors the system resources 140 for problems that 
need the attention of the service provider 100, such as malfunction, overload, degraded 
performance, exhausted capacity, and so forth. For example, the monitoring tool 170 may be a 
health checking system for an Internet web server. Although the monitoring tool 170 is shown in 
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FIG. 1 as separate from the system resources 140, the two may be combined, the monitoring tool 
170 may be combined with other elements of the monitored system 1 10, and so forth. 

The monitoring tool 170 is functionally connected to a trouble ticket system 180, so that the 
monitoring tool 170 may automatically open trouble tickets on the trouble ticket system 180 
when the monitoring tool 170 detects problems with the system resources 140 that need the 
attention of the service provider 100. The trouble ticket system 180 may have a connection to the 
service provider 100, for example through the access control logic 120 and the communication 
port 130 as shown in FIG. 1, so that the trouble ticket system 180 may pass trouble tickets to the 
service provider 100. 

Trouble ticket systems, which may also be called incident reporting systems, issue tracking 
systems, and so forth, are well known to those skilled in the art. Many trouble ticket systems 
characterize the severity of a problem so that a service provider such as the service provider 100 
has a sense of the urgency of resolving the problem. For example, a trouble ticket may 
characterize the severity of a problem as low, medium, or high. The severity classification may 
be reduced during the course of problem resolution, for example from high to medium in 
response to installation of a short-term patch, or in response to reconfiguration of system 
resources to skirt the problem. When the problem is resolved satisfactorily, the trouble ticket is 
closed. 

Although FIG. 1 shows the trouble ticket system 180 as internal to the monitored system 1 10, the 
trouble ticket system 180 may be outside the monitored system 1 10, for example co-located with 
the service provider 100. In some situations, the trouble-ticket system 180 may communicate 
with the service provider 100 by e-mail, or through the World Wide Web, for example in the case 
of a Java-based trouble ticket system. A purpose of such communication is to transfer 
information relevant to the problem experienced by the system resources 140 to the service 
provider 100. 
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As shown in FIG, 1, the monitored system 1 10 may include a clock 190 for time-stamping 
records in the database 150, providing time of day to the access control logic 120, counting-down 
predetermined intervals of time, and so forth. 

FIG. 2 is a flowchart that shows aspects of the inventive method. The customer who is 
responsible for the monitored system 1 10 establishes - i.e., prearranges - a user account for the 
service provider 100 (step 200), for example by recording the provisions of such an account on 
the database 150. When activated, the prearranged user account enables the service provider 
100 to log-in to and access the system resources 140, i.e., when the prearranged user account is 
activated, the access control logic 120 allows the service provider 100 to gain access to the 
system resources 140 through the prearranged user account. Until the prearranged user account 
is activated, however, the prearranged user account is dormant, which means here that the access 
control logic 120 blocks attempts to use the prearranged user account. The prearranged user 
account may be activated by the trouble ticket system 180, by the monitoring tool 170, or by 
other logic such as logic within the monitored system 1 10. The prearranged user account may 
be deactivated, i.e., returned to dormancy, by the trouble ticket system 180, by the monitoring 
tool 170, by the access control logic 120, or by other logic such as logic within the monitored 
system 1 10. 

The method of FIG. 2 then awaits the occurrence of a trigger event (step 210) associated with the 
system resources 140. A trigger event may be, for example, detection of a problem by the 
monitoring tool 170, opening of a trouble ticket on the trouble ticket system 180, and so forth. In 
automatic response to the occurrence of a trigger event, the prearranged user account is activated 
(step 220). 

The method then awaits the occurrence of a closure event associated with the trigger event (step 
230). A closure event may be the occurrence of a service condition, for example the closing of a 
previously opened trouble ticket, or the reduction in severity of a problem tracked by the trouble 
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ticket. A closure event may also, or alternatively, be the satisfaction of a temporal condition, for 
example the expiration of a predetermined period of time after the occurrence of the trigger event 
(e.g., two hours after the opening of a trouble ticket), or at a predetermined time of day (e.g., at 
each midnight). In automatic response to the occurrence of the closure event, the prearranged 
user account is deactivated (step 240), and the method returns to await the occurrence of another 
trigger event (step 210). 

FIG. 3 is a flowchart that shows aspects of another embodiment of the inventive method. The 
customer who is responsible for the monitored system 1 10 establishes a prearranged user account 
for the service provider 100 (step 300). When activated, the prearranged user account enables 
the service provider 100 to log-in to and access the system resources 140, i.e., when the 
prearranged user account is activated, the access control logic 120 allows the service provider 
100 to gain access to the system resources 140 through the prearranged user account. Until the 
prearranged user account is activated, however, the prearranged user account is dormant. The 
prearranged user account may be activated by the trouble ticket system 180, by the monitoring 
tool 170, or by other logic such as logic within the monitored system 1 10. The prearranged user 
account may be deactivated, i.e., returned to dormancy, by the trouble ticket system 180, by the 
monitoring tool 170, by the access control logic 120, or by other logic such as logic within the 
monitored system 110. 

The method of FIG. 3 then awaits the opening of a trouble ticket associated with the system 
resources 140 (step 310). In automatic response to the opening of the trouble ticket, the 
prearranged user account is activated (step 320). Once the prearranged user account has been 
activated, the method then awaits the closing of the trouble ticket (step 330). In automatic 
response to the closing of the trouble ticket, the prearranged user account is deactivated (step 
340), and the method returns to await the opening of another trouble ticket (step 310). 

FIG. 4 is a flowchart that shows aspects of yet another embodiment of the inventive method. The 
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customer who is responsible for the monitored system 1 10 establishes a prearranged user account 
for the service provider 100 (step 400). When activated, the prearranged user account enables 
the service provider 100 to log-in to and access the system resources 140, i.e., when the 
prearranged user account is activated, the access control logic 120 allows the service provider 
100 to gain access to the system resources 140 through the prearranged user account. Until the 
prearranged user account is activated, however, the prearranged user account is dormant. The 
prearranged user account may be activated by the trouble ticket system 180, by the monitoring 
tool 170, or by other logic such as logic within the monitored system 1 10. The prearranged user 
account may be deactivated, i.e., returned to dormancy, by the trouble ticket system 180, by the 
monitoring tool 170, by the access control logic 120, or by other logic such as logic within the 
monitored system 110. 

The method of FIG. 4 then awaits the opening of a trouble ticket associated with the system 
resources 140 (step 410). In automatic response to the opening of the trouble ticket, the 
prearranged user account is activated (step 420). Once the prearranged user account has been 
activated, the method then awaits satisfaction of a temporal condition associated with the trouble 
ticket (step 430). Such a temporal condition may be, for example, the expiration of a 
predetermined period of time after the opening of the trouble ticket (e.g., two hours after the 
opening of the trouble ticket), or at a predetermined time of day (e.g., at each midnight). In 
automatic response to satisfaction of the temporal condition, the prearranged user account is 
deactivated (step 440), and the method returns to await the opening of another trouble ticket 
(step 410). 

From the foregoing description, those skilled in the art will appreciate that the present invention 
enables a service provider to have temporary access a to customer's system resources in a timely 
and responsive way so that problems may be resolved as quickly as possible, and yet does not 
subject the customer to the security risks associated with having a standing open account. For 
descriptive convenience, invention has been put in the context of a customer and a service 
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provider. Nevertheless, the invention is not limited to a narrow meaning of the terms "customer" 
and "service provider," and applies as well where access to a monitored system is required only 
temporarily to satisfy a service request. The invention applies as well, for example, in situations 
where the customer and the service provider are part of the same company, with the service 
provider being the owner of a particular application who may require temporary system access or 
additional system privileges to address a problem with the application. Thus, and in general, the 
foregoing description is illustrative rather than limiting, and the invention is limited only by the 
following claims. 
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